Message-ID: <20240309185312.GA8513@openwall.com>
Date: Sat, 9 Mar 2024 19:53:12 +0100
From: Solar Designer <solar@...nwall.com>
To: Miguel Suarez <suarezmiguelc@...oud.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: help wanted - bring more issues in here

Hi Miguel,

Somehow you didn't send your message as a reply to the thread - as a
moderator, I've manually edited its headers to make it part of the
thread.  Going forward, when you want to comment on a thread in here,
please just hit reply on a message in the thread, so that your reply is
also part of the thread.  Also, posting from your phone is probably not
a good idea.

On Sat, Mar 09, 2024 at 07:21:55PM +0100, Miguel Suarez wrote:
> I have taken a look at the help wanted mail thread, and became interested in it, so I wanted to ask for more details,
> 
> I'm interested in the third subtask, I wonder how much time would this take

It can vary a lot, but I'd guesstimate half an hour per a reasonable
quality write-up on average.  Some lucky ones can take 5 minutes (just
forward a relevant message from another mailing list you're on, writing
only the Subject line).  Some complex ones can take hours (refer to
multiple sources, figure out what the issue really is, describe it in
your own words if no correct and complete description already exists).
Typical is in between (e.g., extract content from a blog post e.g. with
ELinks as I had suggested earlier, wrap it with proper attribution into
a properly formatted message).  There's no requirement on how many
issues you handle (during the period of your involvement, whatever it
is), but my expectation is that it won't be just one (otherwise it's
quicker for me to just handle that one myself rather than delegate it).

> and, if possible, small details on the requirements,

The messages you post should meet the list content guidelines:

https://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

When you're handling just the third sub-task, it means that I (or
someone else) have already made sure the topic is valid for the list.
So only the style and quality guidelines are left for you to meet:

- English

- Plain text (no HTML)

- When applicable, the message Subject must include the name and
version(s) of affected software, and vulnerability type. For example, a
Subject saying only "CVE-2099-99999" is not appropriate, whereas
"CVE-2099-99999: Acme Placeholder 1.0 buffer overflow" would be OK.

- At least the most essential part of your message (e.g., vulnerability
detail and/or exploit) should be directly included in the message itself
(and in plain text), rather than only included by reference to an
external resource.  Posting links to relevant external resources as well
is acceptable, but posting only links is not.  Your message should
remain valuable even with all of the external resources gone.

and specific to this task:

- Third-party content you quote should be clearly separated from your
own writing as well as from other quotes (if you quote multiple
sources), and clearly attributed.

Please let me know off-list if you'd like me to suggest an initial task
to you.

Thanks,

Alexander
